Computer Associates is developing centralized security management software that it says will help large companies better manage and control the disparate security products that are growing so rapidly they are becoming increasingly difficult to monitor.
The development effort, which will likely take a seat at the heart of CA's eTrust security division, is set to be formally announced at the company's annual user and developer event, CA World, in Orlando this April.
Despite making headline news appearances every time a large-scale virus outbreak occurs, security has yet to attract sufficient attention at the majority of large enterprises, says CA. In fact, Simon Perry, CA's VP for security solutions, says that when it comes to security, as many as 70% of top executives "just don't get it." This suggests an almost casual disregard of security issues among some companies; although Perry does mitigate this by saying corporate decision makers are "slowly coming 'round" to the importance of effective security management. Indeed, some vertical industries -- government, healthcare and finance especially -- clearly do "get it," but that still leaves an awful lot of businesses that are insufficiently protected.
One of the main issues, says Perry, is that companies on the whole still think they can address security problems using technology alone. "Technology is only 50% of it; if someone e-mails you and asks for a password, then you've lost all your security," he says. Also, 90% of viruses in 2001 came in the form of e-mail attachments, and virus writers have become increasingly adept at exploiting social habits to trick users into opening damaging e-mails. This threat shows no sign of abating in 2002, says Perry, and CA expects a feature of outbreaks this year will be viruses that contain malicious payloads. But these are the kind of issues that security companies have always bemoaned. Why, especially in the aftermath of September 11, is the message still not loud and clear?
By delivering products that seek to counter the virus writer and other unwanted intruders, the buck ultimately stops with security software vendors. Perry says there's a rapidly accelerating demand for centralized management of security that will ultimately help companies better implement, control and monitor their security policies. CA is duly obliging, and will in the spring announce software designed expressly to manage all aspects of a security infrastructure, including firewall, intrusion detection and antivirus. CA already has a wide portfolio of management products that address point issues -- such as access control, single sign-on, audit, user administration and policy compliance -- but the company appears to be moving toward an umbrella approach covering multiple products. CA stresses that the forthcoming offering will be independent of its Unicenter systems management framework, thus maximizing the potential audience the product can target.
Despite the apparent lack of understanding, it's currently a good time to be selling security software, which may seem paradoxical. Two of CA's main rivals in the security space ?- Network Associates and Symantec -? both blew past quarterly analyst revenue and earnings estimates this week, buoyed not only by healthy consumer demand for antivirus products, but also by strong demand for enterprise security products, such as Network Associates' Sniffer network monitoring tool and Symantec's firewall and intrusion detection products from the Axent acquisition. Some insight on whether Network Associates and Symantec perhaps "get it" more than CA should be provided Tuesday, when CA announces its third-quarter results.
the451 (www.the451.com) is an analyst firm that provides timely, detailed and independent analysis of news in technology, communications and media. To evaluate the service click here.